<?php

if (defined('NO_DIRECT')) {
	if (isset($_POST['username']) && isset($_POST['password'])) {
		$user_result = db_result('SELECT user_id FROM users WHERE username = "'.urlencode($_POST['username']).'" AND password = "'.md5($_POST['password']).'"');
		if ($user_result === false) {
			// sign in gagal
			header('Location: '.make_url('','signedin=false'));
		} else {
			$_SESSION['cn_id_user'] = intval($user_result['user_id']);
			$location = make_url('beranda','');
			if (isset($_POST['redirect'])) {
				$location = urldecode($_POST['redirect']);
			}
			header('Location: '.$location);
		}
	}
}